Jun 30

This is cool, in a “people spying on my country” kind of way: Gizmodo reports that the recent break-up of a supposed Russian deep cover spy ring included the FBI discovering their use of steganography. As a security and crypto guy, this is very interesting.

Steganography is the hiding of information in plain sight, much like the lemon juice you used to use to write secret messages when you were a kid. Digital steganography alters computer files, usually pictures or audio files, to hide information within them. This is the first case that I’m aware of that uses real stego as part of real espionage. Assuming it’s really espionage, that is.

For the technically minded, one way that digital steganography works is by altering the low-order bits of photos or music files. If we change the least significant bit of a pixel in a digital photo, the difference between its original value and the new value that encodes information is likely unnoticeable by the human eye. The same can be said of digital audio files.
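To make the low-order-bit idea concrete, here is an added example (not from the original post, and not the scheme used in the reported case) that hides a message in the least significant bit of each byte of a grayscale pixel buffer and reads it back. The function names, the 4-byte length header, the random 64x64 cover and the message are all constructed for illustration.

```python
import random

def embed(cover: bytes, message: bytes) -> bytes:
    """Hide message in the LSB of each cover byte, after a 4-byte length header."""
    payload = len(message).to_bytes(4, "big") + message
    bits = [(byte >> (7 - i)) & 1 for byte in payload for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small: one cover byte carries one bit")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set the message bit
    return bytes(stego)

def _read(stego: bytes, offset: int, nbytes: int) -> bytes:
    """Reassemble nbytes of payload, starting at payload byte `offset`, from LSBs."""
    value = 0
    for sample in stego[offset * 8:(offset + nbytes) * 8]:
        value = (value << 1) | (sample & 1)
    return value.to_bytes(nbytes, "big")

def extract(stego: bytes) -> bytes:
    """Read the length header, then that many message bytes."""
    length = int.from_bytes(_read(stego, 0, 4), "big")
    if (4 + length) * 8 > len(stego):
        raise ValueError("length header exceeds capacity: no payload in this scheme")
    return _read(stego, 4, length)

def max_delta(a: bytes, b: bytes) -> int:
    """Largest change to any single pixel value between two buffers."""
    return max(abs(x - y) for x, y in zip(a, b))

def demo():
    rng = random.Random(0)  # constructed cover: 64x64 random grayscale pixels
    cover = bytes(rng.randrange(256) for _ in range(64 * 64))
    stego = embed(cover, b"meet at noon")  # constructed message
    return extract(stego), max_delta(cover, stego)

if __name__ == "__main__":
    print(demo())
```

No pixel value moves by more than 1 out of 255, which is why the change is invisible to the eye and why detection has to rely on statistics over many pixels rather than on inspecting any one of them.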

Detecting steganography is difficult: you need to know the program used, or you need to perform complicated statistical analysis to stand a chance of detecting it. It’s remarkable to me that we’ve at last seen this technology in the wild.

Jun 28

I’ve come to suspect that my blog is the victim of spambots that have decided they might be able to do something interesting if they sign up for an account. Maybe they think they get author privileges once they have an account, but I restrict that role to myself (at least for the moment). I’ve put up with it for a while, since I believe there’s no harm in them signing up; the only new superpower registered readers get is “subscribe,” I believe.

It’s been making me uncomfortable, however, because I’ve not spent much time keeping up with any security concerns in WordPress (the underlying blogging platform), and since I get an email every time a new user registers, it’s never too far from my mind…

As a result, I decided today to turn off the “anybody can register” feature. I’m also debating going through my user rolls and deleting the obvious spambots (anybody in .RU for starters, since I can’t imagine I’m of much interest to someone in Russia…)

In the event I do decide to start going all Stalin on the registered user rolls, I put up another post, so people can let me know if I delete them and they really were interested in having an account.

We now return you to your regularly scheduled web surfing, already in progress…

Jun 16

Have you ever looked at your address book and seen an entry for someone you haven’t talked to in years? I usually think to myself “I wonder if that phone number is still good.” Sometimes I even wonder if people are still alive.

A Dutch information security researcher wants to use a concept similar to that to try to protect all that information about us that’s stored online, according to an article at the BBC. The idea would be to have your information “degrade” over time, just like your confidence in whether that email address for Joanne is still any good.

At initial use to secure a transaction or get useful information from a search all relevant details might be stored. Subsequently details would slowly be swapped for more general information.

It’s an interesting concept. I’ve always been intrigued by the idea of looking to the physical world for solutions to problems in the digital one. I’ve frequently thought it would be interesting to look into mimicking the animal immune system for a computer anti-virus system, for instance.

Of course, Europe has better controls on, and a different view of, information security than the US. It’s unlikely that any system like the one outlined by Dr. Heerde could be mandated here, because unlike in Europe, in the US businesses own the information they collect about you, rather than you owning your own information. Still, it’s an idea to feed to the grist mill, and perhaps something interesting will come out the other side.